Micro-Segmentation for your Network and Applications


VMware NSX Data Center helps you operationalize micro-segmentation for applications in private and public cloud environments. Whether your goal is to lock down critical applications with VMware's Service-Defined Firewall, create logical DMZs in software, or reduce the attack surface of a virtual desktop environment, NSX Data Center enables you to enforce consistent network security policies on any workload hosted anywhere.

NSX security microsegmentation overview

Video Play Icon

Learn about NSX security and micro-segmentation

Evolving Micro-Segmentation for Preventive Security: Adaptive Protection in a DevOps World

Evolving Micro-Segmentation for Preventive Security: Adaptive Protection in a DevOps World

Micro-Segmentation benefits of NSX Data Center

Complete Application Visibility for Stronger Policy


Simplify the creation of network security policies with NSX Data Center’s unique visibility into application composition. Identify all east-west traffic within and between applications, as well as the processes that initiated the traffic to help automate the creation of security policies and micro-segments.

Consistent Enforcement of Security Policy


Stop managing separate policies for different parts of the environment. With NSX Data Center, you can define and enforce a single network security policy across multi-data-center and hybrid cloud environments to secure traffic between VMs, containers, and bare metal servers, alike.

Adaptive Network Security Policy


Shift security from a reactive process to a proactive step in the application development lifecycle. Automatically provision security policies for each workload that will remain with the workload even as the application changes over time. When workloads are deprecated, so are their security policies -- decreasing policy bloat over time and further simplifying management.

Micro-Segmentation Use Cases for NSX Data Center 

Enable Micro-segmentation with the Service-defined Firewall

NSX Data Center delivers the Service-Defined Firewall to protect your critical applications by combining strategies like adaptive micro-segmentation and process allowlisting. The Service-Defined Firewall establishes a verified understanding of known good application behavior from which it generates adaptive security policies to shrink the application attack surface consistently, across on-premises and multi-cloud environments.

Learn more about VMware’s Service-Defined Firewall here 

Secure Virtual Desktop Environments

Protect VDI environments by enforcing security policy at the virtual desktop and RDSH session level. Additionally, you can use NSX Data Center to manage virtual desktop network traffic with software-defined load balancing. This approach eliminates costs for additional load balancer hardware and simplifies management for VDI-generated network traffic.

Watch this video to learn how NSX Data Center brings simplicity to VDI networking 

Create DMZs in Software

Create and manage DMZs entirely in software, reducing the need for additional costly physical hardware and significantly simplifying ongoing management.

Watch this video on how to use NSX Data Center to create a virtualized DMZ  See how University of New Mexico built its DMZ in Software 

Agentless Antivirus for Workloads

Boost workload performance and reduce management headaches by offloading antivirus agents to the hypervisor, using Agentless AV. When AV identifies a threat, automatically act using NSX Data Center.

Test-Drive Micro-segmentation

Try the NSX Data Center Micro-Segmentation Hands-on Lab, no installation required.

See Lab Details 

Success Stories

Interfaith Medical Center Protects Critical Patient Data with NSX Data Center

Interfaith Medical Center Protects Critical Patient Data with NSX Data Center

NSX Data Center enables Interfaith Medical Center to embrace a zero trust security model, providing better patient data security and meeting compliance mandates.

Read Case Study